EDIT. You do not need to create the Entra App. This appears to happen automatically now. I have left the steps in as this is generally useful information and may be needed for other copier brands that utilise the OAuth2 process differently.
Process is the same once you get into the copier admin section -> Choose OAuth2 -> Authorise -> Copy Code -> Launch Microsoft login -> Insert Code -> Login -> Allow Permissions -> Test -> Done.
You do not need to modify the Authentication Endpoint URL.
I have posted further down with the Client App information that shows under the Entra User Application registrations.
Hi.
Has anyone configured a 4series or new MZ series device to scan to O365 with OAuth2?
There is not much documentation on how it is done and I have done some testing of my own and I have successfully managed to make it work using an O365 account that has MFA enabled.
Steps I have carried out:
Logged in to Entra ID as Domain Admin.
Created a new Application called "OAuth2 Scan to Email" and copied down the Application (Client) ID and the Directory (Tenant) ID - These are not required from what I have seen during the setup on an MZ2501ci
With these details ready I then logged into the copier's Command Centre and entered the following info:
Auth Protocol: OAuth 2
Proxy Auth: Enter in the email account detail that will be performing the send. It must be part of the Entra Organization that the application was configured for.
Once saved, click the button that says "Authorize"
Paste the code in the box in the new browser window that has opened and follow the instructions to authenticate your Kyocera Device with your Exchange account.
Once that is complete, head back to the copier interface - One final step is needed. You must update the OAuth 2 - Microsoft Exchange settings to point to the Application Endpoint URL we generated inside Entra at the start:
You may not even need to create the Entra App mentioned in the first parts and I may have overcomplicated the setup.
I have noticed that it will automatically create an application in Entra under the user ID that you use called Exchange Online Client for Device:
No problem! I was making my own SOP as we had some clients require this setup this week, looks like the rollout by Microsoft has begun. Thought I would share what I experienced as there was no detail for the Kyoceras.
I did have to edit my post, turns out you don't need to mess about making your own connector app, the copier creates an app and registers itself under the scanner user in Entra for you. I left all the info in though as it may help in other situations.
I have recognized that a TASKalfa xx.54 did not have the OAuth2 authentication protocol to choose in the dropdown list. Not even if Start TLS is enabled. So what is to do here?
I just updated the firmware on our Taskalfa 3554ci to 2XD_S000.004.101. This is the latest as far as I can tell.
However, the Oauth2 option is not available for me either even with Starttls enabled.
Any ideas?
I have a TASKalfa 4054ci that I just had the vendor update firmware on. I also have no drop down option for Oauth Function Settings >Email >Authenticate as:
My only options are POP User 1, 2, or 3 and Other
I did find Proxy Authentication for Oauth2 after navigating to POP3 user settings and changing Authentication to Oauth2 but when I try to authorize the button grays out and nothing happens.
I have not had any luck with Oauth2. We are only doing scan to email internally, so I just set up HVE accounts for regular SMTP authentication. (Useful link: https://practical365.com/exchange-online-hve/). These have worked fine as long as I made sure each HVE account was excluded from the Conditional Access MFA policy.
I should have been clear in my original post that the screenshots I provided were from a UTAX 2509ci which is an MZ2501ci device.
I have just tested myself on some 4 series (UTAX 2508ci) running 2XD_S000.004.101 and the OAuth2 option is NOT shown as others have reported.
I am hoping that there will be a FW update to this series very soon as I am having more and more clients suffering from O365 Auth failures.
I am also seeing DirectSend failing now too, even with the correct Exchange Connector for the MX and SPF records set.
KM have just released FW for their previous generation 8 series machines and I am hoping that Kyocera do the same.
For some clients they were more than happy to set up a separate Gmail account using MFA and an App password for the copier, but this is not an appropriate fix for some more sensitive clients.